cfs -- buffer overflow

ID DSA-116
Type debian
Reporter Debian
Modified 2002-03-02T00:00:00


Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be forced to die, a malicious user can easily perform a denial of service attack to it.

This problem has been fixed in version 1.3.3-8.1 for the stable Debian distribution and in version 1.4.1-5 for the testing and unstable distribution of Debian.

We recommend that you upgrade your cfs package immediately.